MDKSA-2002:017

Problem description

Several flaws exist in various versions of PHP in the way it handles
multipart/form-data POST requests, which are used for file uploads.
The php_mime_split() function could be used by an attacker to execute
arbitrary code on the server. This affects both PHP4 and PHP3. The
authors have fixed this in PHP 4.1.2 and provided patches for older
versions of PHP.